From 04a357021c196bd62a1579f682736b8af43a8cf7 Mon Sep 17 00:00:00 2001 From: "Zheng, Qi" Date: Wed, 9 Feb 2022 14:48:36 +0800 Subject: [PATCH] Update dcap demo using prebuilt dcap lib --- demos/remote_attestation/dcap/README.md | 4 +- demos/remote_attestation/dcap/c_app/Makefile | 5 +- .../dcap/c_app/dcap_c_test.c | 5 +- .../dcap/c_app/dcap_quote.h | 37 ---- demos/remote_attestation/dcap/dcap-musl.yaml | 4 +- demos/remote_attestation/dcap/dcap.yaml | 4 +- .../dcap/dcap_lib/Cargo.toml | 15 -- .../dcap/dcap_lib/examples/dcap_test.rs | 172 ------------------ .../dcap/dcap_lib/src/dcap_quote.rs | 132 -------------- .../dcap/dcap_lib/src/lib.rs | 109 ----------- .../dcap/run_dcap_quote_on_occlum.sh | 12 +- 11 files changed, 17 insertions(+), 482 deletions(-) delete mode 100644 demos/remote_attestation/dcap/c_app/dcap_quote.h delete mode 100644 demos/remote_attestation/dcap/dcap_lib/Cargo.toml delete mode 100644 demos/remote_attestation/dcap/dcap_lib/examples/dcap_test.rs delete mode 100644 demos/remote_attestation/dcap/dcap_lib/src/dcap_quote.rs delete mode 100644 demos/remote_attestation/dcap/dcap_lib/src/lib.rs diff --git a/demos/remote_attestation/dcap/README.md b/demos/remote_attestation/dcap/README.md index 97fb821d..2a328efe 100644 --- a/demos/remote_attestation/dcap/README.md +++ b/demos/remote_attestation/dcap/README.md @@ -1,4 +1,4 @@ -# SGX DCAP Remote Attestation Demo in Rust +# SGX DCAP Remote Attestation Demo This project demonstrates how to do Intel SGX DCAP (Datacenter Attestation Primitives) remote attestation on Occlum. Occlum provides SGX capabilities to @@ -18,7 +18,7 @@ applications through ioctls on device `/dev/sgx`. ## Run this demo on Occlum -You can run the DCAP quote generation and verification demo, including dcap library build, rust test demo and C test demo on Occlum via +You can run the DCAP quote generation and verification demo, including rust test demo and C test demo on Occlum via ``` ./run_dcap_quote_on_occlum.sh ``` diff --git a/demos/remote_attestation/dcap/c_app/Makefile b/demos/remote_attestation/dcap/c_app/Makefile index 5e81f43e..c7e58c26 100644 --- a/demos/remote_attestation/dcap/c_app/Makefile +++ b/demos/remote_attestation/dcap/c_app/Makefile @@ -1,13 +1,14 @@ CC ?= gcc LD ?= ld -LIBPATH ?= ../dcap_lib/target/debug +LIBPATH ?= /opt/occlum/toolchains/dcap_lib/glibc +INCPATH ?= /opt/occlum/toolchains/dcap_lib/inc .PHONY: all clean all: dcap_c_test dcap_c_test: dcap_c_test.c - $(CC) $^ -fPIE -pie -o $@ -L $(LIBPATH) -ldcap_quote -I /opt/intel/sgxsdk/include + $(CC) $^ -fPIE -pie -o $@ -L $(LIBPATH) -locclum_dcap -I /opt/intel/sgxsdk/include -I $(INCPATH) clean: rm -rf dcap_c_test diff --git a/demos/remote_attestation/dcap/c_app/dcap_c_test.c b/demos/remote_attestation/dcap/c_app/dcap_c_test.c index a232c3ae..70dbd419 100644 --- a/demos/remote_attestation/dcap/c_app/dcap_c_test.c +++ b/demos/remote_attestation/dcap/c_app/dcap_c_test.c @@ -3,8 +3,11 @@ #include #include "sgx_quote_3.h" -#include "dcap_quote.h" +#include "sgx_urts.h" +#include "sgx_pce.h" +#include "sgx_error.h" +#include "occlum_dcap.h" void dump_quote_info(sgx_quote3_t *p_quote) { diff --git a/demos/remote_attestation/dcap/c_app/dcap_quote.h b/demos/remote_attestation/dcap/c_app/dcap_quote.h deleted file mode 100644 index 42023e28..00000000 --- a/demos/remote_attestation/dcap/c_app/dcap_quote.h +++ /dev/null @@ -1,37 +0,0 @@ -#include -#include -#include -#include - -#include "sgx_urts.h" -#include "sgx_report.h" -#include "sgx_qve_header.h" -#include "sgx_pce.h" -#include "sgx_error.h" - -#ifdef __cplusplus -extern "C" { -#endif - -void *dcap_quote_open(void); - -uint32_t dcap_get_quote_size(void *handle); - -int32_t dcap_generate_quote(void *handle, uint8_t *quote_buf, const sgx_report_data_t *report_data); - -uint32_t dcap_get_supplemental_data_size(void *handle); - -int32_t dcap_verify_quote(void *handle, - const uint8_t *quote_buf, - uint32_t quote_size, - uint32_t *collateral_expiration_status, - sgx_ql_qv_result_t *quote_verification_result, - uint32_t supplemental_data_size, - uint8_t *supplemental_data); - - -void dcap_quote_close(void *handle); - -#ifdef __cplusplus -} -#endif diff --git a/demos/remote_attestation/dcap/dcap-musl.yaml b/demos/remote_attestation/dcap/dcap-musl.yaml index db7dfd3a..fa16d258 100644 --- a/demos/remote_attestation/dcap/dcap-musl.yaml +++ b/demos/remote_attestation/dcap/dcap-musl.yaml @@ -6,11 +6,11 @@ targets: - target: /bin copy: - files: - - ../dcap_lib/target/x86_64-unknown-linux-musl/release/examples/dcap_test + - /opt/occlum/toolchains/dcap_lib/musl/dcap_test - ../c_app/dcap_c_test # copy lib - target: /lib copy: - files: - - ../dcap_lib/target/x86_64-unknown-linux-musl/release/libdcap_quote.so + - /opt/occlum/toolchains/dcap_lib/musl/libocclum_dcap.so diff --git a/demos/remote_attestation/dcap/dcap.yaml b/demos/remote_attestation/dcap/dcap.yaml index ccd20e4b..4b6b6638 100644 --- a/demos/remote_attestation/dcap/dcap.yaml +++ b/demos/remote_attestation/dcap/dcap.yaml @@ -6,11 +6,11 @@ targets: - target: /bin copy: - files: - - ../dcap_lib/target/release/examples/dcap_test + - /opt/occlum/toolchains/dcap_lib/glibc/dcap_test - ../c_app/dcap_c_test # copy lib - target: /opt/occlum/glibc/lib copy: - files: - - ../dcap_lib/target/release/libdcap_quote.so + - /opt/occlum/toolchains/dcap_lib/glibc/libocclum_dcap.so diff --git a/demos/remote_attestation/dcap/dcap_lib/Cargo.toml b/demos/remote_attestation/dcap/dcap_lib/Cargo.toml deleted file mode 100644 index 0bb9d9cd..00000000 --- a/demos/remote_attestation/dcap/dcap_lib/Cargo.toml +++ /dev/null @@ -1,15 +0,0 @@ -[package] -name = "dcap_quote" -version = "0.1.0" -authors = ["Zheng, Qi "] -edition = "2018" - -# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html - -[dependencies] -sgx_types = { path = "../../../../deps/rust-sgx-sdk/sgx_types" } -libc = "0.2" -cfg-if = "1.0.0" - -[lib] -crate-type = ["cdylib", "rlib", "staticlib"] diff --git a/demos/remote_attestation/dcap/dcap_lib/examples/dcap_test.rs b/demos/remote_attestation/dcap/dcap_lib/examples/dcap_test.rs deleted file mode 100644 index b1c1af86..00000000 --- a/demos/remote_attestation/dcap/dcap_lib/examples/dcap_test.rs +++ /dev/null @@ -1,172 +0,0 @@ -extern crate dcap_quote; -use std::str; -use std::io::Result; -use std::convert::TryFrom; -use dcap_quote::*; -use sgx_types::{ - sgx_quote_header_t, sgx_report_data_t, sgx_ql_qv_result_t, sgx_report_body_t -}; - -struct DcapDemo { - dcap_quote: DcapQuote, - quote_size: u32, - quote_buf: Vec, - req_data: sgx_report_data_t, - supplemental_size: u32, - suppl_buf: Vec -} - -impl DcapDemo { - pub fn new(report_data: &str) -> Self { - let mut dcap = DcapQuote::new(); - let quote_size = dcap.get_quote_size(); - let supplemental_size = dcap.get_supplemental_data_size(); - let quote_buf: Vec = vec![0; quote_size as usize]; - let suppl_buf: Vec = vec![0; supplemental_size as usize]; - let mut req_data = sgx_report_data_t::default(); - - //fill in the report data array - for (pos, val) in report_data.as_bytes().iter().enumerate() { - req_data.d[pos] = *val; - } - - Self { - dcap_quote: dcap, - quote_size: quote_size, - quote_buf: quote_buf, - req_data: req_data, - supplemental_size: supplemental_size, - suppl_buf: suppl_buf - } - } - - fn dcap_quote_gen(&mut self) -> Result { - self.dcap_quote.generate_quote(self.quote_buf.as_mut_ptr(), &mut self.req_data).unwrap(); - - println!("DCAP generate quote successfully"); - - Ok( 0 ) - } - - // Quote has type `sgx_quote3_t` and is structured as - // pub struct sgx_quote3_t { - // pub header: sgx_quote_header_t, - // pub report_body: sgx_report_body_t, - // pub signature_data_len: uint32_t, - // pub signature_data: [uint8_t; 0], - // } - - fn dcap_quote_get_report_body(&mut self) -> Result<*const sgx_report_body_t> { - let report_body_offset = std::mem::size_of::(); - let report_body: *const sgx_report_body_t - = (self.quote_buf[report_body_offset..]).as_ptr() as _; - - Ok(report_body) - } - - fn dcap_quote_get_report_data(&mut self) -> Result<*const sgx_report_data_t> { - let report_body_ptr = self.dcap_quote_get_report_body().unwrap(); - let report_data_ptr = unsafe { &(*report_body_ptr).report_data }; - - Ok(report_data_ptr) - } - - fn dcap_quote_ver(&mut self) -> Result { - let mut quote_verification_result = sgx_ql_qv_result_t::SGX_QL_QV_RESULT_UNSPECIFIED; - let mut status = 1; - - let mut verify_arg = IoctlVerDCAPQuoteArg { - quote_buf: self.quote_buf.as_mut_ptr(), - quote_size: self.quote_size, - collateral_expiration_status: &mut status, - quote_verification_result: &mut quote_verification_result, - supplemental_data_size: self.supplemental_size, - supplemental_data: self.suppl_buf.as_mut_ptr(), - }; - - self.dcap_quote.verify_quote(&mut verify_arg).unwrap(); - println!("DCAP verify quote successfully"); - - Ok( quote_verification_result ) - } - - fn dcap_dump_quote_info(&mut self) { - let report_body_ptr = self.dcap_quote_get_report_body().unwrap(); - - // Dump ISV FAMILY ID - let family_id = unsafe { (*report_body_ptr).isv_family_id }; - let (fam_id_l, fam_id_h) = family_id.split_at(8); - let fam_id_l = <&[u8; 8]>::try_from(fam_id_l).unwrap(); - let fam_id_l = u64::from_le_bytes(*fam_id_l); - let fam_id_h = <&[u8; 8]>::try_from(fam_id_h).unwrap(); - let fam_id_h = u64::from_le_bytes(*fam_id_h); - println!("\nSGX ISV Family ID:"); - println!("\t Low 8 bytes: 0x{:016x?}\t", fam_id_l); - println!("\t high 8 bytes: 0x{:016x?}\t", fam_id_h); - - // Dump ISV EXT Product ID - let prod_id = unsafe { (*report_body_ptr).isv_ext_prod_id }; - let (prod_id_l, prod_id_h) = prod_id.split_at(8); - let prod_id_l = <&[u8; 8]>::try_from(prod_id_l).unwrap(); - let prod_id_l = u64::from_le_bytes(*prod_id_l); - let prod_id_h = <&[u8; 8]>::try_from(prod_id_h).unwrap(); - let prod_id_h = u64::from_le_bytes(*prod_id_h); - println!("\nSGX ISV EXT Product ID:"); - println!("\t Low 8 bytes: 0x{:016x?}\t", prod_id_l); - println!("\t high 8 bytes: 0x{:016x?}\t", prod_id_h); - - // Dump CONFIG ID - let conf_id = unsafe { (*report_body_ptr).config_id }; - println!("\nSGX CONFIG ID:"); - println!("\t{:02x?}", &conf_id[..16]); - println!("\t{:02x?}", &conf_id[16..32]); - println!("\t{:02x?}", &conf_id[32..48]); - println!("\t{:02x?}", &conf_id[48..]); - - // Dump CONFIG SVN - let conf_svn = unsafe { (*report_body_ptr).config_svn }; - println!("\nSGX CONFIG SVN:\t {:04x?}", conf_svn); - } -} - -impl Drop for DcapDemo { - fn drop(&mut self) { - self.dcap_quote.close(); - } -} - -fn main() { - let report_str = "Dcap demo sample"; - let mut dcap_demo = DcapDemo::new(report_str); - - println!("Generate quote with report data : {}", report_str); - dcap_demo.dcap_quote_gen().unwrap(); - - // compare the report data in quote buffer - let report_data_ptr = dcap_demo.dcap_quote_get_report_data().unwrap(); - let string = str::from_utf8( unsafe { &(*report_data_ptr).d } ).unwrap(); - - if report_str == &string[..report_str.len()] { - println!("Report data from Quote: '{}' exactly matches.", string); - } else { - println!("Report data from Quote: '{}' doesn't match !!!", string); - } - - dcap_demo.dcap_dump_quote_info(); - - let result = dcap_demo.dcap_quote_ver().unwrap(); - match result { - sgx_ql_qv_result_t::SGX_QL_QV_RESULT_OK => { - println!("Succeed to verify the quote!"); - }, - sgx_ql_qv_result_t::SGX_QL_QV_RESULT_CONFIG_NEEDED | - sgx_ql_qv_result_t::SGX_QL_QV_RESULT_OUT_OF_DATE | - sgx_ql_qv_result_t::SGX_QL_QV_RESULT_OUT_OF_DATE_CONFIG_NEEDED | - sgx_ql_qv_result_t::SGX_QL_QV_RESULT_SW_HARDENING_NEEDED | - sgx_ql_qv_result_t::SGX_QL_QV_RESULT_CONFIG_AND_SW_HARDENING_NEEDED => { - println!("WARN: App: Verification completed with Non-terminal result: {}", result); - }, - _ => println!("Error: App: Verification completed with Terminal result: {}", result), - } - -} diff --git a/demos/remote_attestation/dcap/dcap_lib/src/dcap_quote.rs b/demos/remote_attestation/dcap/dcap_lib/src/dcap_quote.rs deleted file mode 100644 index 100e871d..00000000 --- a/demos/remote_attestation/dcap/dcap_lib/src/dcap_quote.rs +++ /dev/null @@ -1,132 +0,0 @@ -use libc::*; -use std::ffi::CString; - -use sgx_types::{ - sgx_report_data_t, sgx_ql_qv_result_t -}; - -const SGXIOC_GET_DCAP_QUOTE_SIZE: u64 = 0x80047307; -const SGXIOC_GEN_DCAP_QUOTE: u64 = 0xc0187308; -const SGXIOC_GET_DCAP_SUPPLEMENTAL_SIZE: u64 = 0x80047309; -const SGXIOC_VER_DCAP_QUOTE: u64 = 0xc030730a; - -cfg_if::cfg_if! { - if #[cfg(target_env = "musl")] { - const IOCTL_GET_DCAP_QUOTE_SIZE: i32 = SGXIOC_GET_DCAP_QUOTE_SIZE as i32; - const IOCTL_GEN_DCAP_QUOTE: i32 = SGXIOC_GEN_DCAP_QUOTE as i32; - const IOCTL_GET_DCAP_SUPPLEMENTAL_SIZE: i32 = SGXIOC_GET_DCAP_SUPPLEMENTAL_SIZE as i32; - const IOCTL_VER_DCAP_QUOTE: i32 = SGXIOC_VER_DCAP_QUOTE as i32; - } else { - const IOCTL_GET_DCAP_QUOTE_SIZE: u64 = SGXIOC_GET_DCAP_QUOTE_SIZE; - const IOCTL_GEN_DCAP_QUOTE: u64 = SGXIOC_GEN_DCAP_QUOTE; - const IOCTL_GET_DCAP_SUPPLEMENTAL_SIZE: u64 = SGXIOC_GET_DCAP_SUPPLEMENTAL_SIZE; - const IOCTL_VER_DCAP_QUOTE: u64 = SGXIOC_VER_DCAP_QUOTE; - } -} - - -// Copy from occlum/src/libos/src/fs/dev_fs/dev_sgx/mod.rs -//#[allow(dead_code)] -#[repr(C)] -pub struct IoctlGenDCAPQuoteArg { - pub report_data: *const sgx_report_data_t, // Input - pub quote_size: *mut u32, // Input/output - pub quote_buf: *mut u8, // Output -} - -// Copy from occlum/src/libos/src/fs/dev_fs/dev_sgx/mod.rs -//#[allow(dead_code)] -#[repr(C)] -pub struct IoctlVerDCAPQuoteArg { - pub quote_buf: *const u8, // Input - pub quote_size: u32, // Input - pub collateral_expiration_status: *mut u32, // Output - pub quote_verification_result: *mut sgx_ql_qv_result_t, // Output - pub supplemental_data_size: u32, // Input (optional) - pub supplemental_data: *mut u8, // Output (optional) -} - -pub struct DcapQuote { - fd: c_int, - quote_size: u32, - supplemental_size: u32, -} - -impl DcapQuote { - pub fn new() -> Self { - println!("DcapQuote: new"); - - let path = CString::new("/dev/sgx").unwrap(); - let fd = unsafe { libc::open(path.as_ptr(), O_RDONLY) }; - if fd > 0 { - Self { - fd: fd, - quote_size: 0, - supplemental_size: 0, - } - } else { - panic!("Open /dev/sgx failed") - } - } - - pub fn get_quote_size(&mut self) -> u32 { - println!("DcapQuote: get_quote_size"); - - let size: u32 = 0; - let ret = unsafe { libc::ioctl(self.fd, IOCTL_GET_DCAP_QUOTE_SIZE, &size) }; - if ret < 0 { - panic!("IOCTRL IOCTL_GET_DCAP_QUOTE_SIZE failed"); - } else { - self.quote_size = size; - size - } - } - - pub fn generate_quote(&mut self, quote_buf: *mut u8, report_data: *const sgx_report_data_t) -> Result { - println!("DcapQuote: generate_quote"); - - let quote_arg: IoctlGenDCAPQuoteArg = IoctlGenDCAPQuoteArg { - report_data: report_data, - quote_size: &mut self.quote_size, - quote_buf: quote_buf, - }; - - let ret = unsafe { libc::ioctl(self.fd, IOCTL_GEN_DCAP_QUOTE, "e_arg) }; - if ret < 0 { - Err("IOCTRL IOCTL_GEN_DCAP_QUOTE failed") - } else { - Ok( 0 ) - } - } - - pub fn get_supplemental_data_size(&mut self) -> u32 { - println!("DcapQuote: get_supplemental_data_size"); - - let size: u32 = 0; - let ret = unsafe { libc::ioctl(self.fd, IOCTL_GET_DCAP_SUPPLEMENTAL_SIZE, &size) }; - if ret < 0 { - panic!("IOCTRL IOCTL_GET_DCAP_SUPPLEMENTAL_SIZE failed"); - } else { - self.supplemental_size = size; - size - } - } - - pub fn verify_quote(&mut self, verify_arg: *mut IoctlVerDCAPQuoteArg) -> Result { - println!("DcapQuote: verify_quote"); - - let ret = unsafe { libc::ioctl(self.fd, IOCTL_VER_DCAP_QUOTE, verify_arg) }; - if ret < 0 { - println!("ret = {}", ret); - Err("IOCTRL IOCTL_VER_DCAP_QUOTE failed") - } else { - Ok( 0 ) - } - } - - pub fn close(&mut self) { - println!("DcapQuote: close"); - unsafe { libc::close(self.fd) }; - } -} - diff --git a/demos/remote_attestation/dcap/dcap_lib/src/lib.rs b/demos/remote_attestation/dcap/dcap_lib/src/lib.rs deleted file mode 100644 index 5275b70b..00000000 --- a/demos/remote_attestation/dcap/dcap_lib/src/lib.rs +++ /dev/null @@ -1,109 +0,0 @@ -use std::boxed::Box; -use libc::{c_void}; - -use sgx_types::{ - sgx_report_data_t, sgx_ql_qv_result_t -}; - -mod dcap_quote; -pub use crate::dcap_quote::*; - -#[no_mangle] -pub extern "C" fn dcap_quote_open() -> *mut c_void { - Box::into_raw(Box::new(DcapQuote::new())) as *mut c_void -} - -#[no_mangle] -pub extern "C" fn dcap_get_quote_size(handle: *mut c_void) -> u32 { - if handle.is_null() { - return 0 - } - - let dcap = unsafe { - &mut *(handle as *mut DcapQuote) - }; - - dcap.get_quote_size() -} - -#[no_mangle] -pub extern "C" fn dcap_generate_quote( - handle: *mut c_void, - quote_buf: *mut u8, - report_data: *const sgx_report_data_t) -> i32 -{ - if handle.is_null() { - return -1 - } - - let dcap = unsafe { - &mut *(handle as *mut DcapQuote) - }; - - dcap.generate_quote(quote_buf, report_data).unwrap(); - - 0 -} - -#[no_mangle] -pub extern "C" fn dcap_get_supplemental_data_size(handle: *mut c_void) -> u32 { - if handle.is_null() { - return 0 - } - - let dcap = unsafe { - &mut *(handle as *mut DcapQuote) - }; - - dcap.get_supplemental_data_size() -} - -#[no_mangle] -pub extern "C" fn dcap_verify_quote( - handle: *mut c_void, - quote_buf: *const u8, - quote_size: u32, - collateral_expiration_status: *mut u32, - quote_verification_result: *mut sgx_ql_qv_result_t, - supplemental_data_size: u32, - supplemental_data: *mut u8) -> i32 -{ - if handle.is_null() { - return -1 - } - - let dcap = unsafe { - &mut *(handle as *mut DcapQuote) - }; - - let mut verify_arg = IoctlVerDCAPQuoteArg { - quote_buf: quote_buf, - quote_size: quote_size, - collateral_expiration_status: collateral_expiration_status, - quote_verification_result: quote_verification_result, - supplemental_data_size: supplemental_data_size, - supplemental_data: supplemental_data, - }; - - dcap.verify_quote(&mut verify_arg).unwrap(); - - 0 -} - - -#[no_mangle] -pub extern "C" fn dcap_quote_close(handle: *mut c_void) { - if handle.is_null() { - return - } - - let dcap = unsafe { - &mut *(handle as *mut DcapQuote) - }; - - dcap.close(); - - unsafe { - Box::from_raw(handle); - } -} diff --git a/demos/remote_attestation/dcap/run_dcap_quote_on_occlum.sh b/demos/remote_attestation/dcap/run_dcap_quote_on_occlum.sh index c59d5514..774d9c0d 100755 --- a/demos/remote_attestation/dcap/run_dcap_quote_on_occlum.sh +++ b/demos/remote_attestation/dcap/run_dcap_quote_on_occlum.sh @@ -10,23 +10,19 @@ if [[ $1 == "musl" ]]; then bomfile="../dcap-musl.yaml" CC=occlum-gcc LD=occlum-ld - CARGO=occlum-cargo - LIBPATH="../dcap_lib/target/x86_64-unknown-linux-musl/release" + LIBPATH="/opt/occlum/toolchains/dcap_lib/musl" else echo "*** Build and run glibc dcap demo ***" bomfile="../dcap.yaml" CC=gcc LD=ld - CARGO=cargo - LIBPATH="../dcap_lib/target/release" + LIBPATH="/opt/occlum/toolchains/dcap_lib/glibc" fi -pushd dcap_lib -$CARGO build --all-targets --release -popd +INCPATH="/opt/occlum/toolchains/dcap_lib/inc" CC=$CC LD=$LD LIBPATH=$LIBPATH make -C c_app clean -CC=$CC LD=$LD LIBPATH=$LIBPATH make -C c_app +CC=$CC LD=$LD LIBPATH=$LIBPATH INCPATH=$INCPATH make -C c_app rm -rf ${INSTANCE_DIR} && occlum new ${INSTANCE_DIR} cd ${INSTANCE_DIR}